[openssl-project] Monthly Status Report (May)

Matt Caswell matt at openssl.org
Mon Jun 4 16:32:27 UTC 2018

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Fixed a mem leak in CMS_RecipientInfo_set0_pkey() and added some CMS tests
- Added a note around performance and Nagle's algorithm on the
SSL_connect() man page
- Performed the 1.1.1 pre6 release
- Fixed some errors and missing info in the CMS docs
- Added getter for X509_VERIFY_PARAM_get_hostflags
- Fixed SSL_get_shared_ciphers() to actually return the shared ciphers
rather than the client ciphers
- Fixed SSL_has_pending() in DTLS
- Attended the OMC f2f in Ottawa
- Fixed a failure in the event of an out-of-order CCS in DTLS
- Fixed s_server/s_client to correctly use the DTLS timer
- Ensure we resend the last DTLS flight if we don't get any app data
from the peer
- Fixed the ticket callbacks in TLSv1.3 and added associated tests
- Fixed various "no" config options (multiple times in the month!)
- Implemented a preference for SHA-256 when using "old style" PSKs to
aid backwards compatibility
- Fixed a DTLS problem where we did a memcpy of a NULL pointer of zero
length, which is undefined behaviour
- Implemented configurable number of TLSv1.3 session tickets
- Implemented support for TLSv1.3 drafts 26/27/28 all at the same time
- Made BN_GF2m_mod_arr more constant time as a defence against side
channel attacks
- Reverted an earlier change to pkeyutl to avoid EVP_PKEY_sign() for
EdDSA. Also fixed a number of other issues with this application.
- Fixed "ca" so that it can use EdDSA
- Fixed some undefined behaviour in X509_NAME_cmp()
- Modified TLSv1.3 stateless tickets so that they are not cached
- Fixed a bug where post-handshake auth Finished messages used the wrong key
- Added some sanity checks for a point to check it is defined for the
right curve before we perform operations on it
- Updated the "Connected Commands" section of the s_server/s_client docs
- Created a PR (ongoing) for doing auto-retry in shutdown to fix test
issues reported in CPython
- Fixed mathematics error in calculating "a ^ 0 mod -1"
- Performed the 1.1.1 pre7 release
- Fixed most of the outstanding Coverity defects
- Major tidy up of the SM2 code
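An added illustration of the memcpy item above, written for this page and not taken from OpenSSL: C leaves memcpy() undefined when either pointer is NULL, even with a length of zero, so a fragment that carries no data and a NULL data pointer must be skipped before the copy rather than passed through. The frag_buf type, its functions and the sample fragments are constructed for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly buffer for handshake fragments (not OpenSSL's). */
typedef struct {
    unsigned char *data;
    size_t len;   /* bytes currently stored */
    size_t cap;   /* bytes allocated */
} frag_buf;

/* Allocate a buffer of cap bytes; returns 1 on success, 0 on failure. */
static int frag_buf_init(frag_buf *b, size_t cap)
{
    b->data = malloc(cap);
    if (b->data == NULL)
        return 0;
    b->len = 0;
    b->cap = cap;
    return 1;
}

/* Append len bytes from src. An empty fragment may legitimately arrive with
 * src == NULL; it is handled before memcpy() is reached, because
 * memcpy(dst, NULL, 0) is undefined behaviour even though nothing is copied.
 * Returns 1 on success, 0 if src is NULL with len > 0 or the copy would
 * overflow the buffer. */
static int frag_buf_append(frag_buf *b, const unsigned char *src, size_t len)
{
    if (len == 0)
        return 1;               /* nothing to copy: never hand NULL to memcpy */
    if (src == NULL)
        return 0;               /* a non-empty fragment must carry data */
    if (len > b->cap - b->len)
        return 0;               /* would overflow the buffer */
    memcpy(b->data + b->len, src, len);
    b->len += len;
    return 1;
}

static void frag_buf_free(frag_buf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Reassemble three constructed fragments, the middle one empty with a NULL
 * pointer (the shape of the bug above). Returns the total bytes assembled,
 * or -1 if any append fails. */
static int demo_reassemble(void)
{
    static const unsigned char f1[] = {0x01, 0x02, 0x03};  /* constructed */
    static const unsigned char f3[] = {0x04, 0x05};        /* constructed */
    frag_buf b;
    int total;

    if (!frag_buf_init(&b, 16))
        return -1;
    if (frag_buf_append(&b, f1, sizeof f1)
        && frag_buf_append(&b, NULL, 0)
        && frag_buf_append(&b, f3, sizeof f3))
        total = (int)b.len;
    else
        total = -1;
    frag_buf_free(&b);
    return total;
}
```

Building with -fsanitize=undefined makes the unguarded variant visible: UBSan reports a null pointer passed to memcpy as an argument declared never to be null, which is how a zero-length copy that "works" in practice still gets caught before it is relied on.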

